IPv6 troubles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Today again someone took it upon themselves to send out router advertisements even though they're not a legitimate IPv6 router, with broken IPv6 connectivity as a result.
On the Mac, where IPv6 is enabled by default, so apparent but non- working IPv6 connectivity is extremely annoying, you can see this with: 

ndp -an
Neighbor Linklayer Address Netif Expire St Flgs Prbs 
::1                             (incomplete)         lo0 permanent R
[...]
fe80::204:23ff:fe50:c11d%en0    0:4:23:50:c1:1d      en0 23h48m39s S  R
fe80::206:d6ff:fe0f:b806%en0    0:6:d6:f:b8:6        en0 23h59m42s S  R
fe80::20a:95ff:fecd:987a%en0    0:a:95:cd:98:7a      en0 permanent R
fe80::212:f0ff:fe5f:c4ec%en0    0:12:f0:5f:c4:ec     en0 23h52m15s S  R
An R "flg" indicates a router, with fe80::206:d6ff:fe0f:b806 being the real one. 

You can filter out the unwanted router advertisements with:
sudo ip6fw add 10 permit ipv6-icmp from fe80::206:d6ff:fe0f:b806 to any icmptypes 134 in 
sudo ip6fw add 20 drop ipv6-icmp from any to any icmptypes 134 in
And if you already have broken connectivity, filtering all ICMP messages towards the "router" in question will kickstart dead neighbor detection: 

sudo ip6fw add 30 drop ipv6-icmp from fe80::204:23ff:fe50:c11d to any
Shortly after this you can enjoy the fabulous IPv6 connectivity that the IETF66 meeting has to offer:
traceroute6 to www.ietf.org (2001:503:c779:b::d1ad:35b4) from 2001:510:102:100:20a:95ff:fecd:987a, 30 hops max, 12 byte packets 
1  2001:510:102:100:206:d6ff:fe0f:b806  7.125 ms  0.668 ms  0.561 ms
2  2001:510:100:100::84ca:1c8  0.765 ms !N  0.944 ms !N  3.284 ms !N
traceroute6 to www.isc.org (2001:4f8:0:2::d) from 2001:510:102:100:20a:95ff:fecd:987a, 30 hops max, 12 byte packets 
1  2001:510:102:100:206:d6ff:fe0f:b806  2.201 ms  7.626 ms  1.444 ms
2  2001:410:101:13::1  1.846 ms  1.736 ms  3.85 ms
3  2001:410:101:5::1  24.331 ms  24.983 ms  102.792 ms
4  2001:410:101:30::2  239.214 ms  96.351 ms  96.318 ms
5  2001:320:1b00:1::1  210.57 ms  210.528 ms  210.714 ms
6  2001:320:1a05::10  211.26 ms  220.1 ms  210.472 ms
7  2001:320:1a05::20  211.47 ms  254.317 ms  211.431 ms
8  2001:320:1a09::1  214.655 ms  214.478 ms  214.43 ms
9  2001:320:1a07::2  216.013 ms  216.143 ms  215.784 ms
10  2001:2b8:5:10::2  214.027 ms  228.96 ms  214.316 ms
11  2001:220:1000:42e::2  214.341 ms  220.359 ms  214.777 ms
12  2001:220:1000:400::1  217.728 ms  217.345 ms  217.12 ms
13  2001:220:400:200::1  219.455 ms  266.643 ms  219.859 ms
14  2001:220:1800:200::1  220.861 ms  223.042 ms  391.591 ms
15  3ffe:8140:101:1a::162  228.454 ms  228.31 ms  227.647 ms
16  2001:200:901:1036::2  266.8 ms  228.512 ms  239.632 ms
17  2001:200:901:7::18  228.109 ms  228.281 ms  228.358 ms
18  as2914.nspixp6.net.wide.ad.jp  289.724 ms  288.772 ms  288.343 ms
19 ge-7-0-0.a20.tokyjp01.jp.ra.gin.ntt.net 288.219 ms 288.992 ms 292.174 ms 20 xe-0-0-0.r20.tokyjp01.jp.bb.gin.ntt.net 287.444 ms 289.068 ms 287.622 ms 21 p64-2-3-0.r21.mlpsca01.us.bb.gin.ntt.net 308.109 ms 305.339 ms 304.836 ms 22 xe-0-2-0.r21.plalca01.us.bb.gin.ntt.net 425.596 ms p64-0-0-0.r21.plalca01.us.bb.gin.ntt.net 319.325 ms 304.013 ms 23 p16-1-0-0.r00.plalca01.us.bb.gin.ntt.net 304.464 ms 338.699 ms 305.647 ms 24 p1-0.isc.plalca01.us.bb.gin.ntt.net 318.962 ms 306.91 ms 303.59 ms 
25  www.isc.org  306.776 ms  305.18 ms  304.959 ms

IPv4:

traceroute to www.isc.org (204.152.184.88), 64 hops max, 40 byte packets
1  h0003-net84db (132.219.0.3)  1.761 ms  0.492 ms  0.352 ms
2 ericsson1-internet.dmtrl-uq.risq.net (132.202.60.65) 0.473 ms 0.515 ms 0.416 ms 
3  amtrl-rq.risq.net (192.77.63.49)  0.418 ms  0.475 ms  0.438 ms
4  192.77.63.37 (192.77.63.37)  0.417 ms  0.542 ms  0.411 ms
5 vlan254.msfc2.mtt-montreal.teleglobe.net (66.198.80.1) 0.607 ms 0.647 ms 1.661 ms 6 if-10-0.core1.mtt-montreal.teleglobe.net (207.45.221.129) 1.189 ms 0.594 ms 0.587 ms 7 if-1-3.mcore4.nqt-newyork.teleglobe.net (66.198.81.14) 82.572 ms 82.549 ms 82.575 ms 8 if-4-0.mcore4.pdi-paloalto.teleglobe.net (216.6.86.13) 105.497 ms 83.140 ms 82.882 ms 9 if-7-0.core3.pdi-paloalto.teleglobe.net (216.6.86.2) 82.927 ms 82.929 ms 82.809 ms 10 ix-4-6.core3.pdi-paloalto.teleglobe.net (207.45.196.66) 83.162 ms 82.964 ms 83.226 ms 
11  external.isc.org (204.152.184.88)  92.539 ms  82.764 ms  82.776 ms

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]